Questions

How safe is my mobile phone when it comes to privacy?

+
2 Votes
Locked

How safe is my mobile phone when it comes to privacy?

linda-g
With all the phone hacking going on in the press, I did some research and found loads of stuff to hack people's phones! Do modern phones have the Big Brother spying capability already in the hardware? Any advice on this would be most appreciated.
  • +
    1 Votes
    Kenone

    I mean c'mon, you're broadcasting that signal over public airwaves. Not only can it be easily intercepted but even you're location can be determined. If you were to stand on top of a tall building with a megaphone and converse with the person on the next building over how private would that conversation be?

    +
    0 Votes
    linda-g

    Thanks Kenone, I get the point but people use mobiles to access the internet and use online banking! Maybe mobile phones should come with a warning - not safe for banking online?

    +
    3 Votes
    robo_dev

    Assuming you are on a GSM phone, the communication is encrypted and neither the signal nor the communication can be easily intercepted.

    It IS possible for a surveillance team with an appropriately outfitted communications van to intercept, decrypt in real-time, and monitor your GSM communications. Therefore, is your GSM phone secure enough for James Bond? No.

    Can a kid with a $50 Radio Shack scanner listen to your calls? No.

    Can an experienced and determined hacker listen to your calls? No.

    The issue is that to crack GSM you need to do real-time decryption on the fly. There's no magic shortcut to that, it takes LOTS of processing power, in addition to having the requirement that the attacker is within around 1/4 mile of his target, AND the attacker knows what he is attacking, etc (see communications van discussion above). So if an attacker spent hours to identify your mobile ESN, then parked his communications van packed with computing power within radio range, and you make a call to your mom, he *might* be able to at least capture the data and later decrypt it offline. All for what? To hear her complain about her bad hair day :)

    http://www.gsm-security.net/

    Also, like any telephone conversation, it is passing unprotected through the wired phone system, so if you're on your GSM mobile in Ufreakistan, expect that there's a guy in a basement room somewhere listening to your call. With respect to this risk, remember that there is some 'security through obscurity' due to the volume of phone calls that happen, and the cost/time it takes to monitor and intercept all that communication. Unless you are specifically targeted as someone who is a threat to someone else, you're fine.

    Remember, there are two goals with mobile phone security: preventing service theft and protecting customer privacy. Effectively both goals are served by the same technology, thus it is in the best interest of the service providers to have good security in place, or they would lose revenue...your privacy is an added benefit, but possibly not the service provider's primary concern. :)

    +
    0 Votes
    linda-g

    Thanks robo_dev,
    Good to have some tec knowledge on this. If we're using GSM we're OK, as for the hardware spying stuff that's for James Bond :)

    +
    0 Votes
    linda-g

    Hmm, I don't have a willy down there :) But I get the gist of it

    +
    0 Votes
    robo_dev

    As the OP was a woman, that would not normally be a major risk :) :)

    +
    1 Votes
    Kenone

    Ask Chris Paget, He did an interseting demo at DEFCON

    +
    0 Votes
    linda-g

    Getting into deep water here. Chris Paget, is he on this forum?

    +
    3 Votes
    robo_dev

    and he lives nowhere near the OP :)

    But seriously, what Paget does is not trivial by any stretch of anyone's imagination.

    "The low-cost, home-brewed device, developed by researcher Chris Paget, mimics more expensive devices already used by intelligence and law enforcement agencies called IMSI catchers that can capture phone ID data and content. The devices essentially spoof a legitimate GSM tower and entice cell phones to send them data by emitting a signal thats stronger than legitimate towers in the area."

    He had to modify his talk so he would not get arrested by Federal agents and you can be certain that the telcos have addressed the vuln that he demonstrated.

    If right now, I wanted to try out the attack/monitoring methods that Paget developed, could I do that? Nope. He did not publish his methods or source code, nor does he sell a 'DIY IMSI' catcher kit.

    Note that the vuln only applies to 2G GSM, not 3G.

    While there are tools such as Kraken which can crack *some* GSM encryption using a *somewhat large* (2TB) rainbow table on a GPU or FPGA based system, this is not a real threat.

    In the case of Kraken, nobody has developed the radio monitoring hardware and software to do this. It's very illegal in most countries. And even the 2TB rainbow table crack is only effective against the older (A5/1) encryption.

    To circle back to the 'point to all this':

    The 'security researchers' are at the proof-of-concept phase, and are showing vulns, not actual exploits.

    +
    1 Votes
    OH Smeg

    If you remove the battery they are part way secure otherwise there is Absolutely No Security Involved.

    Using the words Mobile Phone & Security in the same sentence is a Oxymoron and to be perfectly honest it's safer playing Russian Roulette with a Pistol instead of a Revolver.

    You are going to shoot yourself but in the process you are not going to give away any potentially personal information.

    Where as using one of the new Smart Phones everywhere you go you are leaving a trail of breadcrumbs for whoever wishes to follow.

    Col

    +
    2 Votes
    robo_dev

    In the olden days, you could hack your radio scanner and monitor certain cell phone frequencies, but that is no longer technically possible in any way shape, or form.

    Assuming that we are talking about a standard 3G GSM device, I submit that there are no known cases of anyone, outside of government surveillance teams, where anyone has monitored telephone communications, period.

    Consider the Pagett DefCon demo: he discovered a vuln with 2G GSM, and the proof-of-concept attempts to crack even the older version of GSM encryption involve a rainbow table that is TWO TERABYTES.

    So if we move forward to 3G GSM, and the most recent encryption algorithm, we're back to the reality that, while it may, in some theoretical universe, be insecure, in the environment that now exists, it is.

    Not to digress, but people sometimes confuse the issues related to WiFI security and believe that GSM has the same sorts of issues: it does not. Further, you cannot buy any radio receiver that intercepts GSM in any way, you must engineer and build your own radio.

    With respect to location data in smartphones and the so-called breadcrumb issue, keep in mind that a user concerned with privacy can turn off those features easily. The irony is that some of the same people crying out about data privacy have voluntarily shared their every belch and burp on their facebook page, so their concerns about some hypothetical hack on their GPS info is overshadowed by the geo-tagged photos that anybody can see on Facebook. There have been lots of cases where criminals have noted that somebody is on a beautiful two week vacation on Facebook, and use that as an opportunity to burgle the person's home.

    +
    0 Votes
    linda-g

    Thanks robo_dev,
    I posted before reading your reply. Good to have some common sense, there is certainly a bigger picture, that, at the moment is beyond me, but I'm learning. Gotta have a sense of humour cos life is oh so short :)

    +
    0 Votes
    OH Smeg

    robo_dev

    I wasn't so much thinking about the Voice which provided you are not on a Government Watch List is pretty safe but the other things that you do with your Smart Phone.

    Very Little of that is Secured and things like E Mail and Web Suffering and your current location defiantly are not secure.

    However if all you want is Voice Security the 3G system is very secure and is as secure as any Voice Transmissions.

    It's just the rest that is insecure and as the new ones have a GPS in them they can be used to track your position.

    Col

    +
    0 Votes
    linda-g

    If the lack of security using mobile phones was common knowledge then it would have a damaging impact on the mobile phone/spying industry. I didn???t realise how big an issue this is. People should know the truth, most will ignore it but some will cause a storm, then and only then will it change. But for how long? Maybe Orwell got it right and we???re living in it now but can't see it. I expect you guys know far more about this New World order stuff, I thought it is was just a myth but now I wonder about our future???

    +
    0 Votes
    OH Smeg

    If the lack of security using mobile phones was common knowledge then it would have a damaging impact on the mobile phone

    Not that I see, most of the things that can be used against you are sold as Features. Things like give this handset to your kid and be able to monitor their location, as well as use that same GPS to guide you to where you want to go.

    As for Web Browsing and E Mail this has not been limited by real computer use over a Wired Connection and as Wireless connections are the Growth Side of the Industry do you really believe that anyone really cares?

    Col

    +
    0 Votes
    linda-g

    Sneaky snakes, if it???s free or has some features it can come with a privacy tag. Like Adobe flash is up front about giving your data to 3rd parties in their Terms and conditions. Who reads them and who cares? The apathy of most people is a Godsend to the info gathers. I am just waking up to all this back-door stuff. I am sure there is far more going on???

    +
    0 Votes
    Kenone

    You seem totally enthralled with the encryption. If I entice your phone to attach to my ersatz "tower" it is a simple matter to send an instruction to your phone to switch off both encryption and compression. Your phone will not notify you. There is a warning message but it is disabled by every manufacturer, in the US anyway. Once switched off they stay switched off until the phone's battery is removed. Yes, some of these exploits are available on script kiddie sites. So what good does iron clad encryption do when it can be disabled by a simple command? Why do you suppose it is set up that way?

    +
    0 Votes
    robo_dev

    Remember that Pagetts proof-of-concept can only shut off encryption on 2G GSM phones, so my Blackberry, as configured, is immune to his promiscuous tower since it it locked to use 3G GSM only.

    You can be sure that the vuln that Mr. Pagett has discovered will be very quickly patched both in the phone firmware and taken into account with respect to how the telcos maintain and monitor their service.

    Note that there is a very big thing missing in the Pagett proof of concept: the ability to use your phone. Unless he has configured a land-line as part of his rogue cell tower, or is relaying it to another wireless device, it cannot act as a man-in-the-middle attack.

    Remember, his proof of concept was only to get phones to connect, not to be able to go mid-stream in a call. Consider that he would have to effectively create the functionality of a PBX to do that. If he was able to do all that, I'd almost be honored to have my call monitored, as that would be some amazing coding.
    The GSM Association responded to Pagett's demonstration, I have pasted it below:

    Update: The GSM Association responded in a statement that lists the limitations to Pagett???s method: the eavesdropper would have difficulties identifying or targeting any specific user, the interception only works within a certain range, in some cases, the call???s encryption could prevent eavesdropping, and GSM phones are designed to alert users when encryption is removed by a base station. (Paget said in his talk that no device he???s tested???including iPhone and Android phones???has had this option enabled.)

    In summary, the GSM Association spokeswoman writes, ???The overall advice for GSM calls and fixed line calls is the same. Neither has ever offered a guarantee of secure communications. The great majority of users will make calls with no reason to fear that anyone might be listening. However users with especially high security requirements should consider adding extra, end to end security features over the top of both their fixed line calls and their mobile calls.???

    +
    0 Votes
    OH Smeg

    Granted it's about the I Phone tracking your movements but it really applies to all smart phones.

    http://www.techrepublic.com/blog/mac/being-tracked-by-your-iphone-do-you-care/1109?tag=mantle_skin;content

    +
    0 Votes
    linda-g

    Big thanks :)

  • +
    1 Votes
    Kenone

    I mean c'mon, you're broadcasting that signal over public airwaves. Not only can it be easily intercepted but even you're location can be determined. If you were to stand on top of a tall building with a megaphone and converse with the person on the next building over how private would that conversation be?

    +
    0 Votes
    linda-g

    Thanks Kenone, I get the point but people use mobiles to access the internet and use online banking! Maybe mobile phones should come with a warning - not safe for banking online?

    +
    3 Votes
    robo_dev

    Assuming you are on a GSM phone, the communication is encrypted and neither the signal nor the communication can be easily intercepted.

    It IS possible for a surveillance team with an appropriately outfitted communications van to intercept, decrypt in real-time, and monitor your GSM communications. Therefore, is your GSM phone secure enough for James Bond? No.

    Can a kid with a $50 Radio Shack scanner listen to your calls? No.

    Can an experienced and determined hacker listen to your calls? No.

    The issue is that to crack GSM you need to do real-time decryption on the fly. There's no magic shortcut to that, it takes LOTS of processing power, in addition to having the requirement that the attacker is within around 1/4 mile of his target, AND the attacker knows what he is attacking, etc (see communications van discussion above). So if an attacker spent hours to identify your mobile ESN, then parked his communications van packed with computing power within radio range, and you make a call to your mom, he *might* be able to at least capture the data and later decrypt it offline. All for what? To hear her complain about her bad hair day :)

    http://www.gsm-security.net/

    Also, like any telephone conversation, it is passing unprotected through the wired phone system, so if you're on your GSM mobile in Ufreakistan, expect that there's a guy in a basement room somewhere listening to your call. With respect to this risk, remember that there is some 'security through obscurity' due to the volume of phone calls that happen, and the cost/time it takes to monitor and intercept all that communication. Unless you are specifically targeted as someone who is a threat to someone else, you're fine.

    Remember, there are two goals with mobile phone security: preventing service theft and protecting customer privacy. Effectively both goals are served by the same technology, thus it is in the best interest of the service providers to have good security in place, or they would lose revenue...your privacy is an added benefit, but possibly not the service provider's primary concern. :)

    +
    0 Votes
    linda-g

    Thanks robo_dev,
    Good to have some tec knowledge on this. If we're using GSM we're OK, as for the hardware spying stuff that's for James Bond :)

    +
    0 Votes
    linda-g

    Hmm, I don't have a willy down there :) But I get the gist of it

    +
    0 Votes
    robo_dev

    As the OP was a woman, that would not normally be a major risk :) :)

    +
    1 Votes
    Kenone

    Ask Chris Paget, He did an interseting demo at DEFCON

    +
    0 Votes
    linda-g

    Getting into deep water here. Chris Paget, is he on this forum?

    +
    3 Votes
    robo_dev

    and he lives nowhere near the OP :)

    But seriously, what Paget does is not trivial by any stretch of anyone's imagination.

    "The low-cost, home-brewed device, developed by researcher Chris Paget, mimics more expensive devices already used by intelligence and law enforcement agencies called IMSI catchers that can capture phone ID data and content. The devices essentially spoof a legitimate GSM tower and entice cell phones to send them data by emitting a signal thats stronger than legitimate towers in the area."

    He had to modify his talk so he would not get arrested by Federal agents and you can be certain that the telcos have addressed the vuln that he demonstrated.

    If right now, I wanted to try out the attack/monitoring methods that Paget developed, could I do that? Nope. He did not publish his methods or source code, nor does he sell a 'DIY IMSI' catcher kit.

    Note that the vuln only applies to 2G GSM, not 3G.

    While there are tools such as Kraken which can crack *some* GSM encryption using a *somewhat large* (2TB) rainbow table on a GPU or FPGA based system, this is not a real threat.

    In the case of Kraken, nobody has developed the radio monitoring hardware and software to do this. It's very illegal in most countries. And even the 2TB rainbow table crack is only effective against the older (A5/1) encryption.

    To circle back to the 'point to all this':

    The 'security researchers' are at the proof-of-concept phase, and are showing vulns, not actual exploits.

    +
    1 Votes
    OH Smeg

    If you remove the battery they are part way secure otherwise there is Absolutely No Security Involved.

    Using the words Mobile Phone & Security in the same sentence is a Oxymoron and to be perfectly honest it's safer playing Russian Roulette with a Pistol instead of a Revolver.

    You are going to shoot yourself but in the process you are not going to give away any potentially personal information.

    Where as using one of the new Smart Phones everywhere you go you are leaving a trail of breadcrumbs for whoever wishes to follow.

    Col

    +
    2 Votes
    robo_dev

    In the olden days, you could hack your radio scanner and monitor certain cell phone frequencies, but that is no longer technically possible in any way shape, or form.

    Assuming that we are talking about a standard 3G GSM device, I submit that there are no known cases of anyone, outside of government surveillance teams, where anyone has monitored telephone communications, period.

    Consider the Pagett DefCon demo: he discovered a vuln with 2G GSM, and the proof-of-concept attempts to crack even the older version of GSM encryption involve a rainbow table that is TWO TERABYTES.

    So if we move forward to 3G GSM, and the most recent encryption algorithm, we're back to the reality that, while it may, in some theoretical universe, be insecure, in the environment that now exists, it is.

    Not to digress, but people sometimes confuse the issues related to WiFI security and believe that GSM has the same sorts of issues: it does not. Further, you cannot buy any radio receiver that intercepts GSM in any way, you must engineer and build your own radio.

    With respect to location data in smartphones and the so-called breadcrumb issue, keep in mind that a user concerned with privacy can turn off those features easily. The irony is that some of the same people crying out about data privacy have voluntarily shared their every belch and burp on their facebook page, so their concerns about some hypothetical hack on their GPS info is overshadowed by the geo-tagged photos that anybody can see on Facebook. There have been lots of cases where criminals have noted that somebody is on a beautiful two week vacation on Facebook, and use that as an opportunity to burgle the person's home.

    +
    0 Votes
    linda-g

    Thanks robo_dev,
    I posted before reading your reply. Good to have some common sense, there is certainly a bigger picture, that, at the moment is beyond me, but I'm learning. Gotta have a sense of humour cos life is oh so short :)

    +
    0 Votes
    OH Smeg

    robo_dev

    I wasn't so much thinking about the Voice which provided you are not on a Government Watch List is pretty safe but the other things that you do with your Smart Phone.

    Very Little of that is Secured and things like E Mail and Web Suffering and your current location defiantly are not secure.

    However if all you want is Voice Security the 3G system is very secure and is as secure as any Voice Transmissions.

    It's just the rest that is insecure and as the new ones have a GPS in them they can be used to track your position.

    Col

    +
    0 Votes
    linda-g

    If the lack of security using mobile phones was common knowledge then it would have a damaging impact on the mobile phone/spying industry. I didn???t realise how big an issue this is. People should know the truth, most will ignore it but some will cause a storm, then and only then will it change. But for how long? Maybe Orwell got it right and we???re living in it now but can't see it. I expect you guys know far more about this New World order stuff, I thought it is was just a myth but now I wonder about our future???

    +
    0 Votes
    OH Smeg

    If the lack of security using mobile phones was common knowledge then it would have a damaging impact on the mobile phone

    Not that I see, most of the things that can be used against you are sold as Features. Things like give this handset to your kid and be able to monitor their location, as well as use that same GPS to guide you to where you want to go.

    As for Web Browsing and E Mail this has not been limited by real computer use over a Wired Connection and as Wireless connections are the Growth Side of the Industry do you really believe that anyone really cares?

    Col

    +
    0 Votes
    linda-g

    Sneaky snakes, if it???s free or has some features it can come with a privacy tag. Like Adobe flash is up front about giving your data to 3rd parties in their Terms and conditions. Who reads them and who cares? The apathy of most people is a Godsend to the info gathers. I am just waking up to all this back-door stuff. I am sure there is far more going on???

    +
    0 Votes
    Kenone

    You seem totally enthralled with the encryption. If I entice your phone to attach to my ersatz "tower" it is a simple matter to send an instruction to your phone to switch off both encryption and compression. Your phone will not notify you. There is a warning message but it is disabled by every manufacturer, in the US anyway. Once switched off they stay switched off until the phone's battery is removed. Yes, some of these exploits are available on script kiddie sites. So what good does iron clad encryption do when it can be disabled by a simple command? Why do you suppose it is set up that way?

    +
    0 Votes
    robo_dev

    Remember that Pagetts proof-of-concept can only shut off encryption on 2G GSM phones, so my Blackberry, as configured, is immune to his promiscuous tower since it it locked to use 3G GSM only.

    You can be sure that the vuln that Mr. Pagett has discovered will be very quickly patched both in the phone firmware and taken into account with respect to how the telcos maintain and monitor their service.

    Note that there is a very big thing missing in the Pagett proof of concept: the ability to use your phone. Unless he has configured a land-line as part of his rogue cell tower, or is relaying it to another wireless device, it cannot act as a man-in-the-middle attack.

    Remember, his proof of concept was only to get phones to connect, not to be able to go mid-stream in a call. Consider that he would have to effectively create the functionality of a PBX to do that. If he was able to do all that, I'd almost be honored to have my call monitored, as that would be some amazing coding.
    The GSM Association responded to Pagett's demonstration, I have pasted it below:

    Update: The GSM Association responded in a statement that lists the limitations to Pagett???s method: the eavesdropper would have difficulties identifying or targeting any specific user, the interception only works within a certain range, in some cases, the call???s encryption could prevent eavesdropping, and GSM phones are designed to alert users when encryption is removed by a base station. (Paget said in his talk that no device he???s tested???including iPhone and Android phones???has had this option enabled.)

    In summary, the GSM Association spokeswoman writes, ???The overall advice for GSM calls and fixed line calls is the same. Neither has ever offered a guarantee of secure communications. The great majority of users will make calls with no reason to fear that anyone might be listening. However users with especially high security requirements should consider adding extra, end to end security features over the top of both their fixed line calls and their mobile calls.???

    +
    0 Votes
    OH Smeg

    Granted it's about the I Phone tracking your movements but it really applies to all smart phones.

    http://www.techrepublic.com/blog/mac/being-tracked-by-your-iphone-do-you-care/1109?tag=mantle_skin;content

    +
    0 Votes
    linda-g

    Big thanks :)